There are parties, e.g. enterprises, that uses S/MIME certificates for e-mail encryption. To my understanding Thunderbird has support by default for S/MIME. But I have not found a way to obtain a personal S/MIME certificate to be used on a Ubuntu system. Thus my question:

How to obtain a S/MIME certificate for e-mail encryption?

Moreover, is it correct to believe that Thunderbird has support by default for S/MIME?

I am fully aware of PGP, GnuPG and OpenPGP for public-key cryptography and secure e-mail communication. In my opinion, it is very useful that OpenPGP is installed by default on Ubuntu systems. But I need to find a method to communicate securely with parties that use S/MIME and not PGP/GnuPG/OpenPGP.

2 Answers
2

There are some issuing bodies that will give you a free certificate, as listed in this Mozillazine article here. One company that offers them for no charge is Comodo and another is startssl as mentioned by Taneli, so those two are two decent possibilities. Personally, I used the Comodo certificate for a while until I had to move to OpenPGP. The Comodo one is guaranteed to work with s/mime compliant applications and their information page mentions thunderbird.

Thunderbird by default has great support for S/MIME signing and encryption. As noted in another mozillazine article, it is relatively quick to setup, although it is advised to set a master password as well to protect the use of your certificates. Importantly, you need to do this before importing your certificate into thunderbird.

You then need to add your certificate to your Thunderbird mail account (see second screenshot) by going to account settings and clicking the security tab. All this is simple to setup and to use once you have your certificate.

The security options are clearly visible when composing a mail (see third screenshot) and you can add your signature or fully encrypt the mail.

These screenshots are from thunderbird 14.
(Note: I have temporarily removed the enigmail OpenPGP addon from my copy of thunderbird so that the menus in my screenshots should look the same as in your thunderbird.)

I have no experience using them in thunderbird, but S/MIME certificates are issued by certificate authorities. This often involves some sort of payment and validation (of sorts) of your identity / existence. For practical purposes, at least startSSL seems to be issuing them for free. Many organizations (companies, schools, etc) may be able to issue such certificates for their employees/other associates.